[UFO Chicago] Apache case-insensitive username matching with .htaccess directives?

Jay F Shachter jay at m5.chicago.il.us
Tue Apr 14 05:59:34 PDT 2009

As the title of this electronic mail message
implies, this is an Apache question more than a
operating-system question, but I believe that most
Apache administrators are also users of free
operating systems, so my use of ufo at ufo.chicago.il.us
for this question is not, I hope, inapt.

I wish to restrict access to a certain directory on
a webserver, such that only users who supply a valid
username and password can see the documents stored
in that directory.  Encryption of the username and
password is not required, nor is encryption of the
protected content.

This is a very modest requirement, and it can be very
easily met.  I create an .htaccess file in the
directory, containing the following:

  AuthName [a name appears here]
  AuthType Basic
  AuthUserFile [the name of an .htpasswd file]
  <Limit GET POST>
  require valid-user

So far, this is all very elementary.  But I have one
more requirement.  I want username authentication to
occur in a case-insensitive manner.  Thus, if "jay"
is an authorized user, when jay's browser pops up
a window asking for name and password, I want jay to
be able to type "jay", or "Jay", or "JAY", or even
"JaY", and I want all of them to map to the line in
the .htpasswd file beginning with "jay:".

The password, in contrast, should be case-sensitive.

I can find no way of doing this, short of changing
code in mod_ntlm.c and recompiling apache, but that
would be a sledgehammer solution to a problem
requiring a paperclip.  This is perhaps an imperfect
metaphor, but you get my point.  The idea is not to
make all of apache's username authentication case-
insensitive -- just to do so for one particular

It stands to reason that there should be something
that one can put into the .htaccess file to request
this functionality, but I have looked for such a
thing, and have not found it.  The only solution I
have come up with is completely impractical: to have
separate lines in the .htpasswd file for each
variation of a username, all containing the same
encrypted password to the right of the colon.
But this is, of course, utterly bogus. It would
require, e.g., 1024 different lines for a 10-letter

I retain hope that there is some poorly-documented,
or, perhaps, undocumented, feature that provides the
functionality I seek, because I do not think the
request is unreasonable, and I cannot possibly be
the first person who has sought this functionality.
Any replies will be most appreciated, and I thank you
in advance for them all.

			Jay F. Shachter
			6424 N Whipple St
			Chicago IL  60645-4111
				jay at m5.chicago.il.us

			"Quidquid latine dictum sit, altum videtur"

More information about the ufo mailing list